ok, what should I change?
First, let's rename this:
/etc/letsencrypt/live/online.cdiu.university
to this:
/etc/letsencrypt/live/online.cdiu.university-0001
Then let's see the output of these:
ls -l /etc/letsencrypt/live
ls -l /etc/letsencrypt/archive
ok ready;
root@online:/etc/letsencrypt/live# ls -lrht online.cdiu.university-001
total 4.0K
-rw-r--r-- 1 root root 692 Oct 8 12:43 README
lrwxrwxrwx 1 root root 54 Jan 1 00:59 privkey.pem -> ../../archive/online.cdiu.university-0001/privkey1.pem
lrwxrwxrwx 1 root root 56 Jan 1 00:59 fullchain.pem -> ../../archive/online.cdiu.university-0001/fullchain1.pem
lrwxrwxrwx 1 root root 52 Jan 1 00:59 chain.pem -> ../../archive/online.cdiu.university-0001/chain1.pem
lrwxrwxrwx 1 root root 51 Jan 1 00:59 cert.pem -> ../../archive/online.cdiu.university-0001/cert1.pem
root@online:/etc/letsencrypt/live# ls -l /etc/letsencrypt/live
total 20
drwxr-xr-x 2 root root 4096 Jul 9 02:43 ORIG-online.cdiu.university
-rw-r--r-- 1 root root 740 Jul 9 02:43 README
drwxr-xr-x 2 root root 4096 Oct 8 12:43 online.cdiu.university-0001-ORIG-renewed
drwxr-xr-x 2 root root 4096 Jan 1 00:59 online.cdiu.university-001
drwxr-xr-x 2 root root 4096 Jan 1 00:59 online.cdiu.university-12-31-2020
root@online:/etc/letsencrypt/live# ls -l /etc/letsencrypt/archive
total 8
drwxr-xr-x 2 root root 4096 Jan 1 00:59 online.cdiu.university
drwxr-xr-x 2 root root 4096 Oct 8 12:43 online.cdiu.university-0001
You missed a 0 in the renaming.
Should be 0001, not 001
Once you've fixed that, let's see this:
ls -l /etc/letsencrypt/archive/online.cdiu.university-0001
Ok, I moved it to 0001.
I tried to reload and it came up like this:
root@online:/etc/letsencrypt/live# sudo systemctl reload nginx
Job for nginx.service failed.
See "systemctl status nginx.service" and "journalctl -xe" for details.
root@online:/etc/letsencrypt/live# systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-12-28 19:47:53 UTC; 3 days ago
Docs: man:nginx(8)
Process: 1387 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 1400 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 102702 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=1/FAILURE)
Main PID: 1401 (nginx)
Tasks: 3 (limit: 4567)
Memory: 10.0M
CGroup: /system.slice/nginx.service
├─ 1401 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─92540 nginx: worker process
└─92541 nginx: worker process
Jan 01 01:51:04 online.cdiu.university systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Jan 01 01:51:04 online.cdiu.university systemd[1]: Reload failed for A high performance web server and a reverse proxy server.
Jan 01 01:51:31 online.cdiu.university systemd[1]: Reloading A high performance web server and a reverse proxy server.
Jan 01 01:51:31 online.cdiu.university nginx[102661]: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/online.cdiu.university/fullchain.pem": B>
Jan 01 01:51:31 online.cdiu.university systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Jan 01 01:51:31 online.cdiu.university systemd[1]: Reload failed for A high performance web server and a reverse proxy server.
Jan 01 01:52:40 online.cdiu.university systemd[1]: Reloading A high performance web server and a reverse proxy server.
Jan 01 01:52:40 online.cdiu.university nginx[102702]: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/online.cdiu.university/fullchain.pem": B>
Jan 01 01:52:40 online.cdiu.university systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Jan 01 01:52:40 online.cdiu.university systemd[1]: Reload failed for A high performance web server and a reverse proxy server.
You didn't want to reload yet...
Let's get the clean certificate together...
What does this say:
certbot certificates
root@online:/etc/letsencrypt/live# ls -l /etc/letsencrypt/archive/online.cdiu.university-0001
total 16
-rw-r--r-- 1 root root 1927 Oct 8 12:43 cert1.pem
-rw-r--r-- 1 root root 1647 Oct 8 12:43 chain1.pem
-rw-r--r-- 1 root root 3574 Oct 8 12:43 fullchain1.pem
-rw------- 1 root root 1704 Oct 8 12:43 privkey1.pem
That looks good.
Now...
certbot certificates
root@online:/etc/letsencrypt/live# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/online.cdiu.university.conf produced an unexpected error: expected /etc/letsencrypt/live/online.cdiu.university/cert.pem to be a symlink. Skipping.
Found the following certs:
Certificate Name: online.cdiu.university-0001
Domains: online.cdiu.university
Expiry Date: 2021-01-06 11:43:03+00:00 (VALID: 5 days)
Certificate Path: /etc/letsencrypt/live/online.cdiu.university-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/online.cdiu.university-0001/privkey.pem
The following renewal configurations were invalid:
/etc/letsencrypt/renewal/online.cdiu.university.conf
root@online:/etc/letsencrypt/live#
Awesome. That's what I wanted to see.
Now...
What specific subdomain names do you want on the correct certificate? Only online.cdiu.university
or also www.online.cdiu.university
or ?
Ok, I really appreciate your time. I hope we can fix it.
I believe both, or online.cdiu.university
The way it is right now, how it was working, I am OK with it.
Let's get you both to be safe.
Do you manually fulfill a dns-01 challenge or an http-01 challenge, usually?
I do this: certbot certonly --manual -d 'online.cdiu.university'
It asks me to create a file with a code.
That's an http-01 challenge then. You'll need to create two files for this command...
certbot certonly --cert-name online.cdiu.university --manual -d "online.cdiu.university,www.online.cdiu.university"
root@online:/etc/letsencrypt/renewal# certbot certonly --cert-name online.cdiu.university --manual -d "online.cdiu.university,www.online.cdiu.university"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.online.cdiu.university
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
(Y)es/(N)o: yes
Create a file containing just this data:
TyhYe0LsPLRyvFxIp7eH8kCFnDR802MwuiN5tiz7MGg.TN1Sg4Oum8V5xFrmA4AJ7uVkGY0yOt5vRipPrtDdKio
And make it available on your web server at this URL:
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
-
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/online.cdiu.university-0002/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/online.cdiu.university-0002/privkey.pem
Your cert will expire on 2021-04-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew" -
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
That's... not quite what I expected.
Hmmm...
certbot certificates
root@online:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/online.cdiu.university.conf produced an unexpected error: expected /etc/letsencrypt/live/online.cdiu.university/cert.pem to be a symlink. Skipping.
Found the following certs:
Certificate Name: online.cdiu.university-0001
Domains: online.cdiu.university
Expiry Date: 2021-01-06 11:43:03+00:00 (VALID: 5 days)
Certificate Path: /etc/letsencrypt/live/online.cdiu.university-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/online.cdiu.university-0001/privkey.pem
Certificate Name: online.cdiu.university-0002
Domains: online.cdiu.university www.online.cdiu.university
Expiry Date: 2021-04-01 01:10:53+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/online.cdiu.university-0002/fullchain.pem
Private Key Path: /etc/letsencrypt/live/online.cdiu.university-0002/privkey.pem
The following renewal configurations were invalid:
/etc/letsencrypt/renewal/online.cdiu.university.conf
Let's do some housekeeping.
It looks like you created a "backup" folder named:
/etc/letsencrypt/live/online.cdiu.university-12-31-2020
Is this correct?